Hello,
Thank you for the disclosure of this issue. I'd like to better understand
the extent of the problem, for which the code snippets have been very
helpful, but I still would need some help in the case of the server
vulnerability.
Could you confirm my impression that the server vulnerabilit
[EMAIL PROTECTED] wrote:
> Could you confirm my impression that the server vulnerability can only
> overflow the buffer in 3 bytes?
Yes, the buffer is overflowed just by those 3 bytes plus the Windows
error message created with FormatMessage().
> Is there a way to exploit this for code executio
###
Luigi Auriemma
Application: [EMAIL PROTECTED]
http://www.ultravnc.com
http://ultravnc.sourceforge.net
Versions: <= 1.0.1 (and current CVS)
(tabbed_v